search

pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License
3.92k stars 615 forks source link

Need Help - axiom-scan adds '' with _target_ #755

Closed Nishantbhagat57 closed 9 months ago

Nishantbhagat57 commented 9 months ago

@0xtavian So I was using my custom axiom module that uses ffuf but faced some error. Debugging it I got to know that axiom-scan adds '' automatically when using _target_ in axiom modules

I haven't faced this issue before, I can see you have implemented some changes in axiom-scan recently so maybe it's due to that. To confirm this issue I used the default ffuf.json module: https://github.com/pry0cc/axiom/blob/5c7f699a180984aaed21161ee6dc42fb4d5699cf/modules/ffuf.json

My command: axiom-scan /home/nishant57/BB/inputf.txt -m ffuf -o /home/nishant57/BB/ffuf.txt Output: [14:18:23] [THREAD] [/home/op/go/bin/ffuf -w /home/op/lists/seclists/Discovery/Web-Content/big.txt -u ''http://xyz.com'/FUZZ' -of csv -o output/xyz.com -ac] Added to Queue

You can see here: ''http://xyz.com'/FUZZ' This will never work, It should be:'http://xyz.com/FUZZ'

P.S. I attempted to reach out to you through the axiom 0x00sec discord channel, but it seems you haven't been active on Discord recently. Therefore, I'm raising this issue here.

0xtavian commented 9 months ago

@Nishantbhagat57 Thanks. This was due to the latest changes in axiom-scan. I fixed the two ffuf modules. Going to close this issue but lmk if you continue to see any issues.

Nishantbhagat57 commented 9 months ago

@0xtavian Hey, I don't think this will work, I am not on my PC rn but from what I can see the fix you have implemented is not enough.

For example, you have changed the -u '_target_/FUZZ' to -u _target_/FUZZ

Suppose if the _target_ is google.com then it will be seen as -u 'google.com'/FUZZ which ofcourse will not work with FFUF as the correct syntax should be -u 'google.com/FUZZ' (note the difference)

It's not just about the FFUF module. It should be upon user if he wants to add '' he can add it manually in his custom axiom modules.

Nishantbhagat57 commented 9 months ago

@0xtavian The ffuf.json and ffuf_base.json were already correct...The issue is that axiom-scan now adds '' with _target_ by default. I think there may be some other modules too that will break due to this ''